package org.apache.geode.internal.net;

import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.geode.GemFireConfigException;
import org.apache.geode.distributed.internal.DistributionConfig;
import org.apache.geode.internal.admin.SSLConfig;
import org.apache.geode.internal.security.SecurableCommunicationChannel;

/* loaded from: input_file:org/apache/geode/internal/net/SSLConfigurationFactory.class */
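/**
 * Builds and caches one {@link SSLConfig} per {@link SecurableCommunicationChannel} from the
 * current {@link DistributionConfig}.
 *
 * <p>Two configuration styles are handled. When the distribution config lists at least one
 * securable communication channel, the shared {@code getSSL*} settings are used and only the
 * per-component alias (and, for WEB, the require-authentication flag) is overridden. When the
 * list is empty, the legacy per-component settings are applied instead.
 *
 * <p>Keystore and truststore locations, types and passwords that are still empty afterwards are
 * filled from the {@code javax.net.ssl.*} JVM system properties. The password values travel
 * through this class as plain {@code String}s, so the resulting {@link SSLConfig} should not be
 * written to logs without masking.
 *
 * <p>Configurations are cached until {@link #close()} is called. NOTE(review):
 * {@link #setDistributionConfig(DistributionConfig)} does not clear the cache, so a config set
 * after a component was first requested is not reflected in that component's TLS settings until
 * {@link #close()} runs; confirm this lifecycle with the callers.
 */
public class SSLConfigurationFactory {
    public static final String JAVAX_KEYSTORE = "javax.net.ssl.keyStore";
    public static final String JAVAX_KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
    public static final String JAVAX_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
    public static final String JAVAX_TRUSTSTORE = "javax.net.ssl.trustStore";
    public static final String JAVAX_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
    public static final String JAVAX_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType";
    private static SSLConfigurationFactory instance = new SSLConfigurationFactory();
    private DistributionConfig distributionConfig = null;
    // Guarded by the instance monitor: every read, write and clear goes through a synchronized
    // method so that the plain HashMap is never accessed concurrently.
    private final Map<SecurableCommunicationChannel, SSLConfig> registeredSSLConfig = new HashMap<>();

    private SSLConfigurationFactory() {
    }

    /** Returns the process-wide factory, creating it if the static field is unset. */
    private static synchronized SSLConfigurationFactory getInstance() {
        if (instance == null) {
            instance = new SSLConfigurationFactory();
        }
        return instance;
    }

    /**
     * Returns the distribution config that was installed with
     * {@link #setDistributionConfig(DistributionConfig)}.
     *
     * @throws GemFireConfigException if no distribution config has been set
     */
    private DistributionConfig getDistributionConfig() {
        if (this.distributionConfig == null) {
            throw new GemFireConfigException("SSL Configuration requires a valid distribution config.");
        }
        return this.distributionConfig;
    }

    /**
     * Installs the distribution config that all later SSL configurations are derived from.
     *
     * @param distributionConfig the config to read SSL settings from; must not be {@code null}
     * @throws GemFireConfigException if {@code distributionConfig} is {@code null}
     */
    public static void setDistributionConfig(DistributionConfig distributionConfig) {
        if (distributionConfig == null) {
            throw new GemFireConfigException("SSL Configuration requires a valid distribution config.");
        }
        getInstance().distributionConfig = distributionConfig;
    }

    /**
     * Returns the SSL configuration for a channel, building and caching it on first use.
     *
     * <p>The lookup and the registration are two separate synchronized steps, so two threads
     * asking for the same uncached channel may each build a configuration; the one registered
     * last stays in the cache.
     *
     * @param securableCommunicationChannel the channel whose configuration is wanted
     * @return the cached or newly built configuration
     * @throws GemFireConfigException if no distribution config has been set and the channel is
     *         not cached yet
     */
    public static SSLConfig getSSLConfigForComponent(SecurableCommunicationChannel securableCommunicationChannel) {
        SSLConfigurationFactory factory = getInstance();
        SSLConfig sslConfig = factory.getRegisteredSSLConfigForComponent(securableCommunicationChannel);
        if (sslConfig == null) {
            sslConfig = factory.createSSLConfigForComponent(securableCommunicationChannel);
            factory.registeredSSLConfigForComponent(securableCommunicationChannel, sslConfig);
        }
        return sslConfig;
    }

    /** Stores {@code sslConfig} in the cache under {@code channel}, replacing any earlier entry. */
    private synchronized void registeredSSLConfigForComponent(SecurableCommunicationChannel channel, SSLConfig sslConfig) {
        this.registeredSSLConfig.put(channel, sslConfig);
    }

    /**
     * Builds the SSL configuration for one channel.
     *
     * <p>Starts from the shared settings, replaces them with the legacy cluster settings when no
     * securable channel is configured, applies the component-specific alias or legacy settings,
     * and finally fills still-empty store settings from the JVM system properties.
     *
     * @param securableCommunicationChannel the channel to configure
     * @return the fully populated configuration
     */
    private SSLConfig createSSLConfigForComponent(SecurableCommunicationChannel securableCommunicationChannel) {
        SSLConfig sslConfig = createSSLConfig(securableCommunicationChannel);
        SecurableCommunicationChannel[] configuredChannels = getDistributionConfig().getSecurableCommunicationChannels();
        // An empty channel list selects the legacy per-component properties.
        boolean legacyMode = configuredChannels.length == 0;
        if (legacyMode) {
            // Every component starts from the legacy cluster settings; LOCATOR keeps them as-is.
            sslConfig = configureLegacyClusterSSL(sslConfig);
        }
        sslConfig.setSecurableCommunicationChannel(securableCommunicationChannel);
        switch (securableCommunicationChannel) {
            case ALL:
                // NOTE(review): the WEB configuration built here is neither returned nor
                // registered, so this call has no visible effect on the result; confirm whether
                // it was meant to be cached.
                createSSLConfigForComponent(SecurableCommunicationChannel.WEB);
                break;
            case CLUSTER:
                sslConfig = legacyMode
                        ? configureLegacyClusterSSL(sslConfig)
                        : setAliasForComponent(sslConfig, getDistributionConfig().getClusterSSLAlias());
                break;
            case LOCATOR:
                if (!legacyMode) {
                    sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getLocatorSSLAlias());
                }
                break;
            case SERVER:
                sslConfig = legacyMode
                        ? configureLegacyServerSSL(sslConfig)
                        : setAliasForComponent(sslConfig, getDistributionConfig().getServerSSLAlias());
                break;
            case GATEWAY:
                sslConfig = legacyMode
                        ? configureLegacyGatewaySSL(sslConfig)
                        : setAliasForComponent(sslConfig, getDistributionConfig().getGatewaySSLAlias());
                break;
            case WEB:
                if (legacyMode) {
                    sslConfig = configureLegacyHttpServiceSSL(sslConfig);
                } else {
                    sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getHTTPServiceSSLAlias());
                    // The web channel has its own client-authentication switch.
                    sslConfig.setRequireAuth(getDistributionConfig().getSSLWebRequireAuthentication());
                }
                break;
            case JMX:
                sslConfig = legacyMode
                        ? configureLegacyJMXSSL(sslConfig)
                        : setAliasForComponent(sslConfig, getDistributionConfig().getJMXSSLAlias());
                break;
            default:
                // Any other channel keeps the settings assembled above.
                break;
        }
        configureSSLPropertiesFromSystemProperties(sslConfig);
        return sslConfig;
    }

    /** Overrides the alias on {@code sslConfig} only when {@code alias} is non-empty. */
    private SSLConfig setAliasForComponent(SSLConfig sslConfig, String alias) {
        if (!StringUtils.isEmpty(alias)) {
            sslConfig.setAlias(alias);
        }
        return sslConfig;
    }

    /**
     * Creates a configuration populated from the shared {@code getSSL*} settings of the
     * distribution config, with the default alias.
     *
     * <p>The truststore type is not set here; it is only filled later from the system properties.
     */
    private SSLConfig createSSLConfig(SecurableCommunicationChannel channel) {
        DistributionConfig config = getDistributionConfig();
        SSLConfig sslConfig = new SSLConfig();
        sslConfig.setCiphers(config.getSSLCiphers());
        sslConfig.setEnabled(determineIfSSLEnabledForSSLComponent(channel));
        sslConfig.setKeystore(config.getSSLKeyStore());
        sslConfig.setKeystorePassword(config.getSSLKeyStorePassword());
        sslConfig.setKeystoreType(config.getSSLKeyStoreType());
        sslConfig.setTruststore(config.getSSLTrustStore());
        sslConfig.setTruststorePassword(config.getSSLTrustStorePassword());
        sslConfig.setProtocols(config.getSSLProtocols());
        sslConfig.setRequireAuth(config.getSSLRequireAuthentication());
        sslConfig.setAlias(config.getSSLDefaultAlias());
        return sslConfig;
    }

    /**
     * Decides whether SSL is enabled for a channel from the configured channel list.
     *
     * <p>{@code NONE} wins over everything else: if it appears anywhere in the list, SSL is
     * reported as disabled even when {@code ALL} or the requested channel is listed too. A list
     * that mixes {@code NONE} with other channels therefore turns TLS off without an error, which
     * is worth validating where the list is parsed.
     */
    private boolean determineIfSSLEnabledForSSLComponent(SecurableCommunicationChannel channel) {
        SecurableCommunicationChannel[] configuredChannels = getDistributionConfig().getSecurableCommunicationChannels();
        if (ArrayUtils.contains(configuredChannels, SecurableCommunicationChannel.NONE)) {
            return false;
        }
        return ArrayUtils.contains(configuredChannels, SecurableCommunicationChannel.ALL)
                || ArrayUtils.contains(configuredChannels, channel);
    }

    /** Overwrites {@code sslConfig} with the legacy cluster SSL settings. */
    private SSLConfig configureLegacyClusterSSL(SSLConfig sslConfig) {
        DistributionConfig config = getDistributionConfig();
        sslConfig.setCiphers(config.getClusterSSLCiphers());
        sslConfig.setEnabled(config.getClusterSSLEnabled());
        sslConfig.setKeystore(config.getClusterSSLKeyStore());
        sslConfig.setKeystorePassword(config.getClusterSSLKeyStorePassword());
        sslConfig.setKeystoreType(config.getClusterSSLKeyStoreType());
        sslConfig.setTruststore(config.getClusterSSLTrustStore());
        sslConfig.setTruststorePassword(config.getClusterSSLTrustStorePassword());
        sslConfig.setProtocols(config.getClusterSSLProtocols());
        sslConfig.setRequireAuth(config.getClusterSSLRequireAuthentication());
        return sslConfig;
    }

    /** Overwrites {@code sslConfig} with the legacy server SSL settings. */
    private SSLConfig configureLegacyServerSSL(SSLConfig sslConfig) {
        DistributionConfig config = getDistributionConfig();
        sslConfig.setCiphers(config.getServerSSLCiphers());
        sslConfig.setEnabled(config.getServerSSLEnabled());
        sslConfig.setKeystore(config.getServerSSLKeyStore());
        sslConfig.setKeystorePassword(config.getServerSSLKeyStorePassword());
        sslConfig.setKeystoreType(config.getServerSSLKeyStoreType());
        sslConfig.setTruststore(config.getServerSSLTrustStore());
        sslConfig.setTruststorePassword(config.getServerSSLTrustStorePassword());
        sslConfig.setProtocols(config.getServerSSLProtocols());
        sslConfig.setRequireAuth(config.getServerSSLRequireAuthentication());
        return sslConfig;
    }

    /** Overwrites {@code sslConfig} with the legacy JMX manager SSL settings. */
    private SSLConfig configureLegacyJMXSSL(SSLConfig sslConfig) {
        DistributionConfig config = getDistributionConfig();
        sslConfig.setCiphers(config.getJmxManagerSSLCiphers());
        sslConfig.setEnabled(config.getJmxManagerSSLEnabled());
        sslConfig.setKeystore(config.getJmxManagerSSLKeyStore());
        sslConfig.setKeystorePassword(config.getJmxManagerSSLKeyStorePassword());
        sslConfig.setKeystoreType(config.getJmxManagerSSLKeyStoreType());
        sslConfig.setTruststore(config.getJmxManagerSSLTrustStore());
        sslConfig.setTruststorePassword(config.getJmxManagerSSLTrustStorePassword());
        sslConfig.setProtocols(config.getJmxManagerSSLProtocols());
        sslConfig.setRequireAuth(config.getJmxManagerSSLRequireAuthentication());
        return sslConfig;
    }

    /** Overwrites {@code sslConfig} with the legacy gateway SSL settings. */
    private SSLConfig configureLegacyGatewaySSL(SSLConfig sslConfig) {
        DistributionConfig config = getDistributionConfig();
        sslConfig.setCiphers(config.getGatewaySSLCiphers());
        sslConfig.setEnabled(config.getGatewaySSLEnabled());
        sslConfig.setKeystore(config.getGatewaySSLKeyStore());
        sslConfig.setKeystorePassword(config.getGatewaySSLKeyStorePassword());
        sslConfig.setKeystoreType(config.getGatewaySSLKeyStoreType());
        sslConfig.setTruststore(config.getGatewaySSLTrustStore());
        sslConfig.setTruststorePassword(config.getGatewaySSLTrustStorePassword());
        sslConfig.setProtocols(config.getGatewaySSLProtocols());
        sslConfig.setRequireAuth(config.getGatewaySSLRequireAuthentication());
        return sslConfig;
    }

    /** Overwrites {@code sslConfig} with the legacy HTTP service SSL settings. */
    private SSLConfig configureLegacyHttpServiceSSL(SSLConfig sslConfig) {
        DistributionConfig config = getDistributionConfig();
        sslConfig.setCiphers(config.getHttpServiceSSLCiphers());
        sslConfig.setEnabled(config.getHttpServiceSSLEnabled());
        sslConfig.setKeystore(config.getHttpServiceSSLKeyStore());
        sslConfig.setKeystorePassword(config.getHttpServiceSSLKeyStorePassword());
        sslConfig.setKeystoreType(config.getHttpServiceSSLKeyStoreType());
        sslConfig.setTruststore(config.getHttpServiceSSLTrustStore());
        sslConfig.setTruststorePassword(config.getHttpServiceSSLTrustStorePassword());
        sslConfig.setProtocols(config.getHttpServiceSSLProtocols());
        sslConfig.setRequireAuth(config.getHttpServiceSSLRequireAuthentication());
        return sslConfig;
    }

    /** Fills empty store settings from the JVM system properties only. */
    private SSLConfig configureSSLPropertiesFromSystemProperties(SSLConfig sslConfig) {
        return configureSSLPropertiesFromSystemProperties(sslConfig, null);
    }

    /**
     * Fills every keystore/truststore setting that is still empty on {@code sslConfig}.
     *
     * <p>Settings that already have a value are left untouched, so explicit configuration always
     * takes precedence over the {@code javax.net.ssl.*} fallbacks.
     *
     * @param sslConfig the configuration to complete
     * @param properties caller-supplied properties consulted before the JVM system properties;
     *        may be {@code null}
     * @return the same {@code sslConfig} instance
     */
    private SSLConfig configureSSLPropertiesFromSystemProperties(SSLConfig sslConfig, Properties properties) {
        if (StringUtils.isEmpty(sslConfig.getKeystore())) {
            sslConfig.setKeystore(getValueFromSystemProperties(properties, JAVAX_KEYSTORE));
        }
        if (StringUtils.isEmpty(sslConfig.getKeystoreType())) {
            sslConfig.setKeystoreType(getValueFromSystemProperties(properties, JAVAX_KEYSTORE_TYPE));
        }
        if (StringUtils.isEmpty(sslConfig.getKeystorePassword())) {
            sslConfig.setKeystorePassword(getValueFromSystemProperties(properties, JAVAX_KEYSTORE_PASSWORD));
        }
        if (StringUtils.isEmpty(sslConfig.getTruststore())) {
            sslConfig.setTruststore(getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE));
        }
        if (StringUtils.isEmpty(sslConfig.getTruststorePassword())) {
            sslConfig.setTruststorePassword(getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE_PASSWORD));
        }
        if (StringUtils.isEmpty(sslConfig.getTruststoreType())) {
            sslConfig.setTruststoreType(getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE_TYPE));
        }
        return sslConfig;
    }

    /**
     * Looks up one setting, preferring the caller-supplied properties over JVM-wide values.
     *
     * <p>The previous implementation read {@code properties} and then unconditionally replaced
     * the result with {@code System.getProperty}, so key and trust material passed in by the
     * caller was silently ignored in favour of whatever the JVM was started with. The supplied
     * value is now used when it is non-empty.
     *
     * <p>If nothing usable was supplied, the JVM system property is read; when that property is
     * present but blank, the environment variable of the same name is used instead.
     *
     * @param properties caller-supplied properties; may be {@code null}
     * @param name the property name to look up; {@code null} yields {@code null}
     * @return the resolved value, or {@code null} if none was found
     */
    private String getValueFromSystemProperties(Properties properties, String name) {
        if (name == null) {
            return null;
        }
        if (properties != null) {
            String supplied = properties.getProperty(name);
            if (!StringUtils.isEmpty(supplied)) {
                return supplied;
            }
        }
        String value = System.getProperty(name);
        if (value != null && value.trim().equals("")) {
            value = System.getenv(name);
        }
        return value;
    }

    /**
     * Returns the cached configuration for {@code channel}, or {@code null} if none is cached.
     *
     * <p>Synchronized to match the synchronized write in
     * {@link #registeredSSLConfigForComponent}; an unsynchronized read of a {@link HashMap} that
     * another thread is modifying is not safe.
     */
    private synchronized SSLConfig getRegisteredSSLConfigForComponent(SecurableCommunicationChannel channel) {
        return this.registeredSSLConfig.get(channel);
    }

    /** Drops every cached SSL configuration and forgets the distribution config. */
    public static void close() {
        SSLConfigurationFactory factory = getInstance();
        factory.clearSSLConfigForAllComponents();
        factory.distributionConfig = null;
    }

    /** Empties the cache under the same monitor that guards reads and writes. */
    private synchronized void clearSSLConfigForAllComponents() {
        this.registeredSSLConfig.clear();
    }

    /**
     * Builds an uncached SSL configuration from explicit values instead of the distribution
     * config.
     *
     * @param z whether SSL is enabled
     * @param z2 whether peer authentication is required
     * @param str the protocols setting
     * @param str2 the ciphers setting
     * @param properties properties consulted for keystore and truststore settings before the JVM
     *        system properties; may be {@code null}
     * @param str3 the certificate alias
     * @return a new configuration; it is not added to the per-channel cache
     * @deprecated presumably superseded by
     *             {@link #getSSLConfigForComponent(SecurableCommunicationChannel)}; the
     *             replacement is not stated in this file
     */
    @Deprecated
    public static SSLConfig getSSLConfigForComponent(boolean z, boolean z2, String str, String str2, Properties properties, String str3) {
        SSLConfig sslConfig = new SSLConfig();
        sslConfig.setAlias(str3);
        sslConfig.setCiphers(str2);
        sslConfig.setProtocols(str);
        sslConfig.setRequireAuth(z2);
        sslConfig.setEnabled(z);
        return getInstance().configureSSLPropertiesFromSystemProperties(sslConfig, properties);
    }
}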
